Submit #804293: CodeLibs Fess 15.5.1 Arbitrary File Write

Title: CodeLibs Fess 15.5.1 Arbitrary File Write
Description: The update() method in AdminDesignAction writes user-supplied content directly to a JSP file on disk after passing it through decodeJsp(). That filter only escapes <% %> scriptlet tags and <%= %> expression tags; JSP EL expressions (${}) are left untouched. An attacker holding the admin-design role can therefore embed JSP EL expressions in the content. Because EL is evaluated by the JSP/Servlet container when the page is rendered and can invoke arbitrary Java methods, this yields Remote Code Execution.
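As an added illustration (not the submitter's or Fess's own code), the following Python model reproduces the filtering gap the description identifies: a filter that neutralizes only the <% %> and <%= %> delimiters lets a ${...} expression through intact, while a filter that also backslash-escapes EL start sequences does not (in JSP template text, \${ is emitted literally rather than evaluated). The function names, the HTML-entity escaping strategy used to stand in for decodeJsp(), and the sample content are assumptions made for the example; the EL expression in the sample is deliberately harmless.

```python
import re

# Constructed sample content, as an admin-design user might submit it.
# The EL expression is harmless; the point is only whether it survives.
SAMPLE_CONTENT = (
    "<html><body>\n"
    '<% out.println("scriptlet"); %>\n'
    "<%= 1 + 1 %>\n"
    "${pageContext.servletContext.serverInfo}\n"
    "</body></html>\n"
)

# ${ or #{ not already preceded by a backslash: an EL start the container acts on.
EL_START = re.compile(r"(?<!\\)[$#]\{")
# A complete, unescaped ${...} expression (simple form, no nested braces).
EL_EXPR = re.compile(r"(?<!\\)\$\{[^}]*\}")


def scriptlet_only_filter(content: str) -> str:
    """Model of the behaviour the report attributes to decodeJsp() (assumed
    implementation, not Fess code): the delimiters of <% ... %> scriptlets and
    <%= ... %> expressions are HTML-escaped so the JSP compiler sees plain
    text. ${...} is not touched at all."""
    return content.replace("<%", "&lt;%").replace("%>", "%&gt;")


def find_unescaped_el(content: str) -> list:
    """Return every ${...} expression that would still be evaluated at render time."""
    return EL_EXPR.findall(content)


def hardened_filter(content: str) -> str:
    """Same as scriptlet_only_filter, plus backslash-escaping of EL start
    sequences. JSP renders \\${ and \\#{ in template text as literal text.
    (#{ is escaped defensively; in JSP 2.1+ template text it is normally a
    translation error rather than an evaluated expression.)"""
    escaped = scriptlet_only_filter(content)
    return EL_START.sub(lambda m: "\\" + m.group(0), escaped)


def audit(content: str) -> dict:
    """Apply both filters and report what each one leaves evaluable."""
    weak = scriptlet_only_filter(content)
    strong = hardened_filter(content)
    return {
        "weak_leaves_scriptlet": "<%" in weak,
        "weak_leaves_el": find_unescaped_el(weak),
        "hardened_leaves_el": find_unescaped_el(strong),
        "hardened_output": strong,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONTENT).items():
        print(f"{key}: {value!r}")
```

Escaping the EL delimiters is the content-level fix; the page-level alternative in JSP is the `<%@ page isELIgnored="true" %>` directive, which disables EL evaluation for that page entirely and is the safer default when the template never legitimately needs EL.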
Source: https://bv3acdnplbr.feishu.cn/docx/Kk1tdEAfAoV6kZxVozUc8UA4nog?from=from_copylink
User: R1ckyZ (UID 92331)
Submission: 14/04/2026 10:51 (2 months ago)
Moderation: 09/05/2026 08:09 (25 days later)
Status: Accepted
VulDB Entry: 362419 [codelibs Fess up to 15.5.1 JSP File AdminDesignAction.java update content Privilege Escalation]
Points: 20
